Vulnerabilities > Westerndigital

DATE CVE VULNERABILITY TITLE RISK
2021-06-29 CVE-2021-35941 Improper Authentication vulnerability in Westerndigital products
Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472.
network
low complexity
westerndigital CWE-287
5.0
2021-06-11 CVE-2021-33205 Improper Privilege Management vulnerability in Westerndigital Edgerover
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used.
network
low complexity
westerndigital CWE-269
6.5
2021-03-19 CVE-2021-28653 Insecure Storage of Sensitive Information vulnerability in Westerndigital Armorlock
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely.
network
low complexity
westerndigital CWE-922
4.0
2021-03-10 CVE-2021-3310 Link Following vulnerability in Westerndigital MY Cloud OS
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares.
local
low complexity
westerndigital CWE-59
4.6
2020-12-12 CVE-2020-29654 Uncontrolled Search Path Element vulnerability in Westerndigital Dashboard
Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
6.9
2020-12-12 CVE-2020-29563 Improper Authentication vulnerability in Westerndigital MY Cloud OS 5
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118.
network
low complexity
westerndigital CWE-287
7.5
2020-12-01 CVE-2020-28971 Improper Input Validation vulnerability in Westerndigital MY Cloud OS 5
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115.
network
low complexity
westerndigital CWE-20
7.5
2020-12-01 CVE-2020-28970 Unspecified vulnerability in Westerndigital MY Cloud OS 5
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115.
network
low complexity
westerndigital
7.5
2020-12-01 CVE-2020-28940 Unspecified vulnerability in Westerndigital MY Cloud OS 5
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
network
low complexity
westerndigital
7.5
2020-11-18 CVE-2020-13799 Authentication Bypass BY Capture-Replay vulnerability in multiple products
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe.
local
low complexity
westerndigital linaro CWE-294
4.6